Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/310d34-f5d8-4e96-9b7c-648f501afae5/1/uCr3wsSV16niwIIIeWHNsUKb9nk.roa
File:                     uCr3wsSV16niwIIIeWHNsUKb9nk.roa (raw, json)
Hash identifier:          gNT5KD7dUwXhuvbp+i1N7ysjJiIfUMghIEA3N1JG3Mg=
Subject key identifier:   B8:2A:F7:C2:C4:95:D7:A9:E2:C0:82:08:79:61:CD:B1:42:9B:F6:79
Certificate issuer:       /CN=cc6532649a6aef4714841b9c8f54660d889b0629
Certificate serial:       018CC5DCD9E18B5BDCAC4036B8BA12A3FF23
Authority key identifier: CC:65:32:64:9A:6A:EF:47:14:84:1B:9C:8F:54:66:0D:88:9B:06:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zGUyZJpq70cUhBucj1RmDYibBik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/310d34-f5d8-4e96-9b7c-648f501afae5/1/uCr3wsSV16niwIIIeWHNsUKb9nk.roa
Signing time:             Mon 01 Jan 2024 16:30:34 +0000
ROA not before:           Mon 01 Jan 2024 16:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        195.234.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/310d34-f5d8-4e96-9b7c-648f501afae5/1/zGUyZJpq70cUhBucj1RmDYibBik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/310d34-f5d8-4e96-9b7c-648f501afae5/1/zGUyZJpq70cUhBucj1RmDYibBik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zGUyZJpq70cUhBucj1RmDYibBik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:d9:e1:8b:5b:dc:ac:40:36:b8:ba:12:a3:ff:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc6532649a6aef4714841b9c8f54660d889b0629
        Validity
            Not Before: Jan  1 16:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b82af7c2c495d7a9e2c082087961cdb1429bf679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:71:12:48:65:ca:b6:5a:3d:f8:d8:99:27:51:
                    0e:2d:d4:e1:34:6e:0b:f7:a5:28:8e:de:bd:60:12:
                    62:49:d3:90:75:51:7e:a2:f0:69:4c:48:66:66:fd:
                    fc:65:7e:1e:0f:18:a4:fd:03:88:6b:6f:81:6d:b1:
                    2f:c6:59:23:59:7d:5e:0c:7e:4d:0d:74:f6:41:b6:
                    31:f1:95:d0:ca:f3:c9:70:bd:90:fa:dd:b8:c9:04:
                    3f:12:6c:d4:ab:82:84:94:d3:c9:86:41:a3:a1:bd:
                    9d:56:d1:5f:45:56:ca:c2:02:f7:24:8d:4b:2a:aa:
                    a4:7c:1d:e8:fb:fc:12:ea:e1:0e:e6:a4:58:83:bc:
                    25:29:76:5a:3b:91:4f:e8:a7:3e:b5:20:53:71:5a:
                    ee:ac:cf:a3:a3:aa:04:6d:5b:f7:c4:76:9a:2e:c0:
                    57:82:e0:3a:2c:28:99:7d:8a:60:cf:01:18:49:84:
                    e4:be:78:62:2d:93:83:0b:0e:c8:7a:2a:10:23:b2:
                    ec:30:5d:1f:3d:75:78:fd:e9:02:68:84:39:28:85:
                    87:dd:8d:eb:11:a7:98:79:a8:e2:38:e9:22:8c:29:
                    f2:48:12:0c:33:b2:fa:9b:ad:b4:d6:b4:46:43:50:
                    23:0d:74:63:9f:91:d7:31:ec:15:5c:cd:e4:4d:e6:
                    95:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:2A:F7:C2:C4:95:D7:A9:E2:C0:82:08:79:61:CD:B1:42:9B:F6:79
            X509v3 Authority Key Identifier:
                keyid:CC:65:32:64:9A:6A:EF:47:14:84:1B:9C:8F:54:66:0D:88:9B:06:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zGUyZJpq70cUhBucj1RmDYibBik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/310d34-f5d8-4e96-9b7c-648f501afae5/1/uCr3wsSV16niwIIIeWHNsUKb9nk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/310d34-f5d8-4e96-9b7c-648f501afae5/1/zGUyZJpq70cUhBucj1RmDYibBik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:36:1c:f2:a9:50:8d:92:68:1b:ba:48:c6:16:a6:9a:f7:79:
         ab:e3:03:d7:c3:6f:75:1a:7c:5d:b3:85:03:37:df:eb:d3:ed:
         c6:3f:3f:df:e2:72:02:cd:6d:30:a2:c2:db:62:51:e9:79:97:
         17:0a:c7:a5:27:90:72:19:a8:c3:c4:fe:52:41:47:63:33:ae:
         cd:6e:cd:5e:56:db:08:4c:08:ce:4f:1c:e2:e3:cf:18:44:dc:
         82:8b:26:cf:d3:ec:db:58:36:cd:47:53:58:db:01:55:18:e0:
         70:8e:39:98:da:c2:2f:96:0b:fb:d7:8f:9f:7a:ef:df:d9:52:
         4a:71:cf:6a:e2:0f:09:6c:17:2d:2f:e6:f9:44:d1:82:a7:95:
         33:a1:f8:54:f7:6b:83:d9:ab:56:a8:5b:9f:52:59:4c:b7:19:
         cf:0e:5a:53:24:e7:76:27:04:e7:ac:7a:45:a7:e9:7f:7e:c8:
         9c:26:fa:d9:46:af:89:81:6a:24:91:9b:03:77:87:49:d7:4d:
         ea:51:b9:7f:f0:ae:ca:d0:db:94:74:d3:1a:3d:65:e5:f3:02:
         56:cd:d2:42:bb:dc:2b:d8:e0:da:92:d5:19:0e:e6:fb:42:12:
         ed:c7:60:9c:48:f6:fb:ea:55:5b:63:d4:fe:fe:70:38:b8:cd:
         4e:4b:5c:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Nnhi1vcrEA2uLoSo/8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNjUzMjY0OWE2YWVmNDcxNDg0MWI5YzhmNTQ2NjBkODg5
YjA2MjkwHhcNMjQwMTAxMTYzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODJhZjdjMmM0OTVkN2E5ZTJjMDgyMDg3OTYxY2RiMTQyOWJmNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgXESSGXKtlo9+NiZJ1EOLdThNG4L
96Uojt69YBJiSdOQdVF+ovBpTEhmZv38ZX4eDxik/QOIa2+BbbEvxlkjWX1eDH5N
DXT2QbYx8ZXQyvPJcL2Q+t24yQQ/EmzUq4KElNPJhkGjob2dVtFfRVbKwgL3JI1L
KqqkfB3o+/wS6uEO5qRYg7wlKXZaO5FP6Kc+tSBTcVrurM+jo6oEbVv3xHaaLsBX
guA6LCiZfYpgzwEYSYTkvnhiLZODCw7IeioQI7LsMF0fPXV4/ekCaIQ5KIWH3Y3r
EaeYeajiOOkijCnySBIMM7L6m6201rRGQ1AjDXRjn5HXMewVXM3kTeaVCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgq98LEldep4sCCCHlhzbFCm/Z5MB8GA1UdIwQY
MBaAFMxlMmSaau9HFIQbnI9UZg2ImwYpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekdVeVpKcHE3MGNVaEJ1Y2oxUm1EWWliQmlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8zMTBkMzQtZjVkOC00ZTk2LTliN2Mt
NjQ4ZjUwMWFmYWU1LzEvdUNyM3dzU1YxNm5pd0lJSWVXSE5zVUtiOW5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8zMTBkMzQtZjVkOC00ZTk2LTliN2MtNjQ4ZjUwMWFmYWU1
LzEvekdVeVpKcHE3MGNVaEJ1Y2oxUm1EWWliQmlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+qRMA0G
CSqGSIb3DQEBCwUAA4IBAQBRNhzyqVCNkmgbukjGFqaa93mr4wPXw291Gnxds4UD
N9/r0+3GPz/f4nICzW0wosLbYlHpeZcXCselJ5ByGajDxP5SQUdjM67Nbs1eVtsI
TAjOTxzi488YRNyCiybP0+zbWDbNR1NY2wFVGOBwjjmY2sIvlgv714+feu/f2VJK
cc9q4g8JbBctL+b5RNGCp5UzofhU92uD2atWqFufUllMtxnPDlpTJOd2JwTnrHpF
p+l/fsicJvrZRq+JgWokkZsDd4dJ103qUbl/8K7K0NuUdNMaPWXl8wJWzdJCu9wr
2ODaktUZDub7QhLtx2CcSPb76lVbY9T+/nA4uM1OS1z4
-----END CERTIFICATE-----